Detecting DDoS Attacks in Software De?ned Networks: An Experimental Study of Stream Sampling Methods

Thumbnail Image

Files

Harris_umbc_0434M_11650.pdf (367.86 KB)

Links to Files

Permanent Link

http://hdl.handle.net/11603/15504

Collections

UMBC Theses and Dissertations

Author/Creator

Author/Creator ORCID

Date

2017-01-01

Type of Work

theses
Text

Department

Computer Science and Electrical Engineering

Program

Computer Science

Citation of Original Publication

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.

Subjects

DDos
SDN

Abstract

I propose and experimentally evaluate a new sampling method for a streaming algorithm to improve Distributed Denial of Service (DDoS) detection in Software Defined Networks (SDNs). My method leverages the SDN architecture of OpenFlow and its novel capabilities to improve detection by analyzing traffic by flow. This approach can lower the cost of gathering data for analysis and improve the detection rate. Using the Mininet emulation environment, I compare the new sampling methods using my adaption of the hierarchical heavy hitter algorithm in a SDN environment and analyze the differences to a possible implementation on a legacy network. My work shows that clear differences can be detected by using per flow sampling to detect hierarchical heavy hitters from traffic that contains heavy flows.